I have a router with a large number of users that dial in via ISDN. For each new client I have been adding in a new dialer interface with a "dialer remote-name" command and also adding the user's details into our RADIUS box. What I would like to do is just have a single dialer interface configured to use RADIUS so that I do not need to change the router configuration for any new users.
The config for my dialer interface is below. If I add in a dialer remote-name with the username of someone on our RADIUS server this will work. Without it it does not.
description ISDN dialup - RADIUS authenticated
ip unnumbered Ethernet0
no ip directed-broadcast
no ip mroute-cache
peer default ip address pool dialinusers
dialer idle-timeout 99999
dialer enable-timeout 500
dialer hold-queue 10
no cdp enable
ppp authentication chap dial-in
I would appreciate if anyone can tell me where I am going wrong.
Thanks in advance,
You are using "dialer profiles" for dialin users..For that you need different interface for each users. You need to remove dialer profile related commands from the config to have a one general interface for all. To do that you need to
1)remove "dialer pool-member x" command under the physical interface like "interface serial x:23" in case of PRI or "interface bri x" in case of BRI line.
2)remove "dialer pool x" command under the "interface dialer x"..(all of the dialer interface)
Once you have removed all the above commands from the interfaces, need to enter "dialer rotary-group 1" command under the physical interface like "interface serial x:23" in case of PRI or "interface bri x" in case of BRI line.
With the command and the above config for "interface dialer 1" (as you have in the question" should do the job for you.
Here is the urls which has sample config for that
leave the aaa config as it is.
One more url for the same
It has sample config for local authentication but you can copy your working config for aaa part..It has links for aaa config too.
Thanks for your response. Just to clarify - I can only have one dialer interface to get it to work?
Since we are using the Rotary-groups, YES, just one dialer interface is required..
If you are using dialer profiles, like the way you have earlier, you need a dialer interface for each user.
I believe the feature you are after is virtual profiles. You need to create a virtual template interface instead of a dialer intreface.
Hope that helps.
The Dialer rotary-group worked fine (after reconfiguring the incoming ISDN to use ip unnumbered). I also noticed that I could not specify a dialer idle-timeout without using dialer in-band for a rotary group (I guess I can live with that).
Thanks everyone for your help.
We need to have dialer in-band configured in order to add the dialer idle-timeout command (the router will complain if not done in that sequence).
dialer in-band command will make any interface a DDR capable. So in order to apply any DDR or dialer related commands (which starts with keyword "dialer" mostly ) , you need to make that interface a ddr capable using "dialer in-band".